We may earn an affiliate commission when you visit our partners.
Matthew Lloyd Davies

Explore how Volt Typhoon abused command and scripting interpreters to execute commands, scripts, and binaries in critical infrastructure networks.

Read more

Explore how Volt Typhoon abused command and scripting interpreters to execute commands, scripts, and binaries in critical infrastructure networks.

Volt Typhoon abused various command and scripting interpreters, such as PowerShell and the Windows Command Shell, as a way to execute arbitrary commands for the purpose of host and network enumeration, establishing command and control infrastructure, and evading defenses. In this course, Volt Typhoon: T1059.003 Command and Scripting Interpreter Emulation, you’ll focus specifically on how Volt Typhoon used the Windows Command Shell to gather information about hosts, users, and wider network information after gaining initial access to critical infrastructure networks. The commands they used are commonly used by system administrators on a day to day basis, so it was an incredibly stealthy technique that allowed Volt Typhoon to remain hidden within the networks for several years.

Enroll now

What's inside

Syllabus

Volt Typhoon: T1059.003 Command and Scripting Interpreter Emulation

Good to know

Know what's good
, what to watch for
, and possible dealbreakers
Develops command and scripting interpreter emulation skills and knowledge, which are core skills for cybersecurity professionals
Taught by instructors with expertise in cybersecurity, Matthew Lloyd Davies, recognized for their work in the field
Examines Volt Typhoon's techniques, which are highly relevant to understanding cybersecurity threats and defenses
Provides insights into the stealth tactics used by sophisticated threat actors, adding color to the understanding of cybersecurity
Requires prior knowledge in cybersecurity, making it suitable for intermediate learners

Save this course

Save Volt Typhoon: T1059.003 Command and Scripting Interpreter Emulation to your list so you can find it easily later:
Save

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Volt Typhoon: T1059.003 Command and Scripting Interpreter Emulation with these activities:
Attend a Workshop on Command and Scripting Interpreter Emulation
Expand your knowledge and skills in command and scripting interpreter emulation by attending a specialized workshop.
Show steps
  • Research upcoming workshops on command and scripting interpreter emulation.
  • Register for a workshop that aligns with your learning goals.
  • Attend the workshop and actively participate in the sessions.
Review foundational command line commands
Refresh your knowledge of basic command line commands to prepare for this course.
Browse courses on Command Line Interface
Show steps
  • Access a terminal emulator on your computer.
  • Run commands to navigate directories, list files, and create new files.
Follow tutorials on PowerShell and the Windows Command Shell
Familiarize yourself with the specific commands and techniques used by Volt Typhoon to execute commands and establish command and control infrastructure.
Browse courses on Powershell
Show steps
  • Find online tutorials on PowerShell and the Windows Command Shell.
  • Follow the tutorials to practice using the commands covered in this course.
14 other activities
Expand to see all activities and additional details
Show all 17 activities
Read the Book: Practical Malware Analysis
Enhance your understanding of malware analysis techniques, as used by Volt Typhoon, by reviewing this recommended text.
Show steps
  • Obtain a copy of the book.
  • Read the chapters relevant to command and scripting interpreter emulation.
  • Take notes and highlight key concepts.
Practice using the commands covered in this course
Reinforce your understanding of the commands and techniques used by Volt Typhoon by practicing them in a hands-on environment.
Show steps
  • Set up a virtual machine or testing environment.
  • Run the commands covered in this course to gather information, establish command and control, and evade defenses.
Connect with Experts in Command and Scripting Interpreter Emulation
Accelerate your learning by reaching out to professionals who specialize in command and scripting interpreter emulation.
Show steps
  • Identify potential mentors through online forums, social media, or professional organizations.
  • Craft a personalized message introducing yourself and expressing your interest in mentorship.
  • Follow up with your mentors regularly to ask questions and share your progress.
Examine Windows Command Shell Commands
Practice using the Windows Command Shell commands to gain a deeper understanding of how Volt Typhoon leveraged them.
Show steps
  • Open the Windows Command Shell as an administrator.
  • Execute the following commands to gather information about your system:
  • - systeminfo
  • - ipconfig /all
  • - whoami
Command Shell Tuturials
Review some of the command line basics that hackers and sysadmins use every day.
Show steps
  • Review Windows Command Shell syntax.
  • Execute command shell commands.
Practice Using the Command Shell
Get some hands-on experience working with the command shell.
Show steps
  • List files and directories.
  • Create and delete files.
  • Execute commands.
Interpret Windows Command Shell Script Output
Develop your ability to interpret the output of Windows Command Shell scripts to better understand how Volt Typhoon used them.
Show steps
  • Create a batch file with the following contents:
  • @echo off
  • ipconfig
  • whoami
  • systeminfo > systeminfo_output.txt
Write a blog post or article summarizing the techniques used by Volt Typhoon
Deepen your understanding of the material by explaining it to others.
Show steps
  • Choose the specific techniques used by Volt Typhoon that you want to cover.
  • Research and gather information about these techniques.
  • Write a blog post or article that clearly explains how these techniques work and how they were used by Volt Typhoon.
Command Shell Cheat Sheet
Create a cheat sheet of useful command shell commands.
Show steps
  • Research commonly used command shell commands.
  • Organize commands into categories.
  • Create a cheat sheet.
Explore Command and Scripting Interpreter Emulation Techniques
Enhance your knowledge of command and scripting interpreter emulation by following guided tutorials.
Show steps
  • Search online for tutorials on command and scripting interpreter emulation.
  • Follow the steps provided in the tutorials to experiment with different techniques.
  • Document your findings and observations in a notebook.
Attend a cybersecurity conference or meet-up
Connect with other cybersecurity professionals and learn about the latest trends and techniques.
Show steps
  • Find a cybersecurity conference or meet-up in your area.
  • Attend the event and network with other attendees.
Mentor New Command Shell Users
Help others learn about the command shell.
Show steps
  • Identify someone who needs help with the command shell.
  • Provide guidance and support.
Develop a PowerShell Script for Network Reconnaissance
Gain practical experience in using scripting languages like PowerShell for network exploration, similar to the tactics employed by Volt Typhoon.
Browse courses on Network Reconnaissance
Show steps
  • Learn the basics of PowerShell scripting.
  • Develop a PowerShell script that performs network reconnaissance tasks, such as host discovery and port scanning.
  • Test your script in a lab environment.
Contribute to an open-source cybersecurity project
Gain hands-on experience and learn from others by contributing to an open-source project in the cybersecurity field.
Show steps
  • Find an open-source cybersecurity project that interests you.
  • Identify ways that you can contribute to the project.
  • Reach out to the project maintainers and offer your help.

Career center

Learners who complete Volt Typhoon: T1059.003 Command and Scripting Interpreter Emulation will develop knowledge and skills that may be useful to these careers:
Systems Administrator
Systems Administrators are responsible for managing and maintaining computer systems. This course can help Systems Administrators by teaching them how to use command and scripting interpreters to automate system administration tasks and improve their efficiency. These skills can help Systems Administrators manage and maintain computer systems more effectively.
Penetration Tester
Penetration Testers are responsible for identifying and exploiting vulnerabilities in computer systems. This course can help Penetration Testers by teaching them how to use command and scripting interpreters to automate penetration testing tasks and improve their efficiency. These skills can help Penetration Testers identify and exploit vulnerabilities more quickly and effectively.
Information Security Analyst
Information Security Analysts are responsible for protecting organizations from cyber threats. This course can help Information Security Analysts by teaching them how to use command and scripting interpreters to detect and respond to security incidents. These skills can help Information Security Analysts improve their ability to protect organizations from data breaches and other security threats.
Security Engineer
Security Engineers are responsible for designing and implementing security solutions to protect organizations from cyber threats. This course can help Security Engineers by teaching them how to use command and scripting interpreters to automate security tasks and improve their efficiency. These skills can help Security Engineers design and implement more effective security solutions.
Security Analyst
Security Analysts are responsible for monitoring and analyzing security data to identify and respond to security threats. This course can help Security Analysts by teaching them how to use command and scripting interpreters to automate security analysis tasks and improve their efficiency. These skills can help Security Analysts identify and respond to security threats more quickly and effectively.
Network Security Engineer
Network Security Engineers are responsible for designing and implementing network security solutions. This course can help Network Security Engineers by teaching them how to use command and scripting interpreters to automate network security tasks and improve their efficiency. These skills can help Network Security Engineers design and implement more effective network security solutions.
Network Administrator
Network Administrators are responsible for managing and maintaining computer networks. This course can help Network Administrators by teaching them how to use command and scripting interpreters to automate network management tasks and troubleshoot network issues. These skills can help Network Administrators improve their efficiency and productivity.
Data Analyst
Data Analysts are responsible for collecting, cleaning, and analyzing data to help businesses make informed decisions. This course can help Data Analysts by teaching them how to use command and scripting interpreters to automate tasks and extract insights from complex data sets. These skills can help Data Analysts improve their efficiency and accuracy, and gain a competitive edge in the job market.
IT Auditor
IT Auditors are responsible for reviewing and evaluating IT systems to ensure that they are operating in accordance with regulations and best practices. This course can help IT Auditors by teaching them how to use command and scripting interpreters to automate audit tasks and improve their efficiency.
Cloud Engineer
Cloud Engineers are responsible for designing, implementing, and managing cloud computing solutions. This course may be useful for Cloud Engineers who want to learn how to use command and scripting interpreters to automate cloud management tasks and improve their efficiency.
Machine Learning Engineer
Machine Learning Engineers are responsible for developing and deploying machine learning models. This course may be useful for Machine Learning Engineers who want to learn how to use command and scripting interpreters to automate machine learning tasks and improve their efficiency.
Web Developer
Web Developers are responsible for designing, developing, and maintaining websites. This course may be useful for Web Developers who want to learn how to use command and scripting interpreters to automate web development tasks and improve their efficiency.
Data Scientist
Data Scientists are responsible for using data to solve business problems. This course may be useful for Data Scientists who want to learn how to use command and scripting interpreters to automate data science tasks and improve their efficiency.
Software Developer
Software Developers are responsible for designing, developing, and maintaining software applications. This course may be useful for Software Developers who want to learn how to use command and scripting interpreters to automate software development tasks and improve their efficiency.
Technical Support Specialist
Technical Support Specialists are responsible for providing technical support to users. This course may be useful for Technical Support Specialists who want to learn how to use command and scripting interpreters to automate support tasks and improve their efficiency.

Reading list

We've selected nine books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in Volt Typhoon: T1059.003 Command and Scripting Interpreter Emulation.
Provides a deep dive into the internal workings of Windows, including the Windows Command Shell. It offers advanced knowledge for understanding how Volt Typhoon exploited these components.
Offers a practical guide to malware analysis, including techniques for identifying and understanding malicious code that may leverage command and scripting interpreters. It provides hands-on experience in analyzing malware samples and understanding their behavior.
Provides a comprehensive overview of PowerShell, including advanced scripting techniques. It offers valuable insights into how Volt Typhoon may have leveraged PowerShell for malicious purposes.
Provides a detailed overview of incident response and computer forensics, covering techniques for investigating and responding to cyber attacks that may involve the use of command and scripting interpreters. It offers guidance on evidence collection, analysis, and reporting.
Delves into memory forensics, a critical skill for detecting malware and threats that may utilize command and scripting interpreters. It provides a thorough understanding of memory analysis techniques and how to identify malicious activity.
Provides insights into hacker techniques, tools, and incident handling. It offers a practical understanding of how attackers use command and scripting interpreters and how to defend against their tactics.
This handbook provides guidance from the Cybersecurity and Infrastructure Security Agency (CISA) on cybersecurity best practices, including measures to protect against attacks that may involve the use of command and scripting interpreters.
Provides a hands-on approach to network security assessment, including techniques for identifying vulnerabilities that may be exploited using command and scripting interpreters. It offers practical guidance on conducting network security assessments and identifying potential threats.
Focuses on network security monitoring, covering techniques for detecting and preventing cyber attacks that may involve the use of command and scripting interpreters. It provides a comprehensive understanding of security monitoring tools and strategies.

Share

Help others find this course page by sharing it with your friends and followers:

Similar courses

Here are nine courses similar to Volt Typhoon: T1059.003 Command and Scripting Interpreter Emulation.
Hands-on Introduction to Linux Commands and Shell...
Most relevant
Linux Commands & Shell Scripting
Most relevant
Linux Shell Scripting: A Project-Based Approach to...
Most relevant
The Bash Shell and Basic Scripting in Linux
Most relevant
Volt Typhoon: T1070.003 Indicator Removal Emulation
Most relevant
Execution with Unicorn
Most relevant
Learning Windows PowerShell
Most relevant
Scripting for Security with Bash
Most relevant
Command and Control with PoshC2
Most relevant
Our mission

OpenCourser helps millions of learners each year. People visit us to learn workspace skills, ace their exams, and nurture their curiosity.

Our extensive catalog contains over 50,000 courses and twice as many books. Browse by search, by topic, or even by career interests. We'll match you to the right resources quickly.

Find this site helpful? Tell a friend about us.

Affiliate disclosure

We're supported by our community of learners. When you purchase or subscribe to courses and programs or purchase books, we may earn a commission from our partners.

Your purchases help us maintain our catalog and keep our servers humming without ads.

Thank you for supporting OpenCourser.

© 2016 - 2024 OpenCourser